We'll be looking at the logical steps in using Twitter OAuth with the assistance of Apache Shiro. The demo app uses the Bootique Framework and the following Bootique Modules: Jersey (with Jackson), Jetty, MVC (with Mustache), and Shiro Web. The demo app is on GitHub.
We'll look at the screenshots first to get oriented on the process before looking into the logic. First our "Sign In with Twitter" button.
Next the familiar Twitter Authorization page.
Then back to the app, where a user with an existing site account is logged in and new users are redirected to the Account Signup Page. Account Signup Pages are, of course, optional.
Now onto a review of the logic in using Twitter OAuth with Twitter4J and Shiro. Below is the initial Twitter Sign-in method when clicking the Twitter Sign In Button.
Notice above that we first determine if we have a SocialUser object in session. That would be either a valid SocialUser or an incomplete Site Account due to a previously aborted sign-in. Our SocialUser is in the Spring Social user_connection tradition as you see in our user_social table design.
We are now authorized by our Twitter credentials to log in to the site, or optionally create a new Site Account.
Site users are automatically logged in at this point, but first-time users are directed to the Twitter Authorized Signup Form shown below (again).
The value of Shiro comes into play on the New Site Account form, where we can use the additional information on the form to create our Shiro User and add the Shiro username to the SocialUser object (social_user.username), associating the Account User with the SocialUser.
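
The session check on sign-in and the account linking on the signup form, modeled in plain Java as an added example (not the demo app's code). The class, method and session-key names are assumptions, an in-memory map stands in for the user_social table, and the Twitter4J and Shiro calls are reduced to comments.

```java
import java.util.*;
// Added sketch, not the demo app's code: every name below is hypothetical.
public class TwitterSignInFlow {
    enum Next { REDIRECT_TO_TWITTER, SIGNUP_FORM, LOGGED_IN }
    static final class SocialUser {
        final String providerId, providerUserId, screenName;
        String username; // social_user.username; null until a Site Account is linked
        SocialUser(String providerId, String providerUserId, String screenName) {
            this.providerId = providerId; this.providerUserId = providerUserId; this.screenName = screenName;
        }
    }
    // Stand-in for the user_social table, keyed by provider + provider user id.
    final Map<String, SocialUser> userSocial = new HashMap<>();

    // "Sign In with Twitter" clicked: check the session before starting OAuth.
    Next signIn(Map<String, Object> session) {
        SocialUser su = (SocialUser) session.get("socialUser");
        if (su == null) return Next.REDIRECT_TO_TWITTER; // Twitter4J request token step goes here
        return su.username != null ? Next.LOGGED_IN : Next.SIGNUP_FORM; // aborted signup resumes
    }

    // OAuth callback: the id and screen name come from the verified access token.
    Next callback(Map<String, Object> session, String twitterUserId, String screenName) {
        SocialUser su = userSocial.get("twitter:" + twitterUserId);
        if (su == null) su = new SocialUser("twitter", twitterUserId, screenName);
        session.put("socialUser", su);
        return su.username != null ? Next.LOGGED_IN : Next.SIGNUP_FORM; // Shiro login on LOGGED_IN
    }

    // Signup form posted: link only the Twitter identity already held in this session,
    // never a Twitter id supplied by the form itself.
    Next completeSignup(Map<String, Object> session, String newUsername) {
        SocialUser su = (SocialUser) session.get("socialUser");
        if (su == null || su.username != null)
            throw new IllegalStateException("no pending Twitter-authorized signup in session");
        su.username = newUsername; // the Shiro user would be created here
        userSocial.put(su.providerId + ":" + su.providerUserId, su);
        return Next.LOGGED_IN;
    }

    public static void main(String[] args) {
        TwitterSignInFlow flow = new TwitterSignInFlow();
        Map<String, Object> session = new HashMap<>(); // constructed sample session
        System.out.println(flow.signIn(session));                        // new visitor
        System.out.println(flow.callback(session, "1001", "alice_tw"));  // constructed Twitter id
        System.out.println(flow.signIn(session));                        // signup was aborted
        System.out.println(flow.completeSignup(session, "alice"));       // form submitted
        System.out.println(flow.callback(new HashMap<>(), "1001", "alice_tw")); // returning user
    }
}
```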